The UK has launched a widescale programme to protect its health services from the growing threat of cyber-attack.
The Cyber Security Strategy for Health and Adult Social Care has been officially launched with ministers saying it sets out a plan to “promote cyber resilience across the sector by 2030, protecting services and the patients they support”.
The aim is to ensure services are better protected from cyber threats, further securing sensitive information and ensuring patients can continue accessing care safely as the NHS continues to cut waiting lists.
“Technology is transforming how people access health and care services and information,” said a spokesperson for the Department of Health and Social Care. “Over 40 million people now have an NHS login, helping them book appointments, track referrals, and order medications online. Over 50% of social care providers now use a digital social care record, helping staff share vital information about the people they care for.
“As digital systems are adopted to improve health and care services for people across the country, it is vital the health and care sector has the tools it needs to better protect patients’ information.”
The strategy will ensure health and adult social care organisations across England are set up to meet the challenges of the future – from identifying areas in the sector which are most vulnerable, to better utilising resources and expertise across the country to defend against cyber-attacks.
Health minister Lord Markham explained: “We’re harnessing the power of technology to deliver better, safer care to people across the country – but at the same time it’s crucial we’re also bolstering the defences of our health and care services.
“This new strategy will be instrumental to ensure every organisation in health and adult social care is set up to meet the challenges of the future.
“This is an important step to ensure we’re building an NHS which is sustainable and fit for the future, with patients at the centre.
“The health and social care sector has made good progress in recent years, by using the increasing number of cyber defence and response tools it has at its disposal. The sector is now much better protected from attacks than it was at the time of the WannaCry cyber-attack in 2017.”
NHS Trusts now benefit from a direct link to NHS England’s Cyber Security Operations Centre (CSOC), which delivers real time protection against any suspicious activity to approximately 1.7 million devices across the NHS network. Around 21 million malicious emails are also blocked every month.
The vision includes five key pillars to minimise the risk of cyber-attacks and other cyber security issues, and to improve response and recovery following any incidents across health and social care systems including for adult social care, primary and secondary care. This includes:
- Identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function.
- Uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimising disruption.
- Building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognised, and relevant cyber basics training is offered to the general workforce.
- Embedding security into the framework of emerging technology to better protect it against cyber threat.
- Supporting every health and care organisation to minimise the impact and recovery time of a cyber incident.
A full implementation plan will be published in Summer 2023 setting out detailed activities and defining metrics to build and measure resilience over the next two to three years, according to a spokesperson.